Download

Quick search

Rate this software

• Currently 0/5 Stars.
• 1
• 2
• 3
• 4
• 5

No. Votes

0

Windows

Mac

Mobile

Drivers

Scripts - DHTML

Web Developer Blog

Scripts and Applications

Arno's IPTABLES Firewall Script 1.8.8c

Details

Arno's IPTABLES Firewall Script 1.8.8c is software developed by Arno van Amersfoort.
Arno's IPTABLES firewall script was initially written because I needed to protect my single-homed Linux machine at work. I wrote it at the time I couldn't find any script that really satisfied my needs except for one that was written by a guy called 'Seven'.



I helped him for several months with the work on his script by suppling patches, reporting bugs etc. In this period I was fortunately also able to master scripting for iptables myself because soon Seven discontinued his work, I never got to even talk to the guy ever again. At that point I decided to continue his work, or actually I started my own branch based on his script.

In the summer of 2002 I finally got an ADSL connection at home. Initially I used the iptables firewall that came with the great ADSL4LINUX-package (http://www.adsl4linux.nl). But it didn't take me long to come to the conclusion that their iptables firewall lacked important features like port-forwarding and flexbility with "trusted hosts" etc.

I also didn't like the fact that I had to use a different firewall for my home machine and the machine at work. This made me decide to use some of the ADSL4LINUX knowledge to implement ADSL support.

By now (about 1 year later as of writing) there are only few remnants left of Seven's original script and many, many, many improvements were applied. One major improvement is the ADSL and NAT support (Check the 'features' page with the specifiations of my firewall). For version 2 (alpha) I plan to completely rewrite to script to make it more flexible and to increase the usability for others.

Here are some key features of "Arno s IPTABLES Firewall Script":
Very secure stateful filtering firewall
Both kernel 2.4 & 2.6 support
It can be used for both single- and multi(eg. dual)-homed boxes
Masquerading (NAT) and SNAT support
Multiple external (internet) interfaces
Support multiroute NAT & SNAT (load balancing over multiple (internet) interfaces)
Port forwarding (NAT)
Support MAC address filtering
Support for DSL/ADSL modems
Support for PPPoE, PPPoA and bridging modem setups
Support for static and ISP assigned (DHCP) IPs
Support for (transparent) proxies
Full support for DMZ's and DMZ-2-LAN forwarding. You can also use it to isolate your eg. wireless LAN.
(Nmap)(stealth) portscan detection
Protection against SYN-flooding (DoS attacks)
Protection against ICMP-flooding (DoS attacks)
Extensive user-definable logging with rate limiting to prevent log flooding
Includes options to optimize your throughput
User definable open ports, closed ports, trusted hosts, blocked hosts etc.
Log & protection options are both highly customizable
Support for custom iptables rules in a seperate file
It can be used with chkconfig runlevel system (eg. RedHat/Fedora)
Main focus on TCP/UDP/ICMP but additional support for ALL IP protocols
It works with Freeswan IPSEC (VPN) & SSH Sentinel (http://www.freeswan.org) (+virtual IP's)
It works with PoPTop PPTP (http://www.poptop.org)
It works with UPnP
DRDOS protection/detection (experimental)
It's easy to configure
And much more.

What's New in This Release:
A bug in the MAC_FILTER was fixed.
The MAC/blocked hosts rules were slightly changed.
The number of MAC addresses and blocked hosts loaded is now shown.
Minor changes were made.
Arno's IPTABLES Firewall Script 1.8.8c supports english interface languages and works with Linux.

Downloading Arno's IPTABLES Firewall Script 1.8.8c will take several seconds if you use fast ADSL connection.

0 comments

Add to

 Del.icio.us   Digg It   Furl   YahooMyWeb   Blinklist

Arno's IPTABLES Firewall Script 1.8.8c Version History

Related Software